Multipart parsing in Tomcat breaks console imports?
336 views
Skip to first unread message
Brian Snijders
Nov 10, 2016, 7:49:40 AM11/10/16
to hippo-c...@googlegroups.com
Hi guys,
I'm using casual multipart parsing in Tomcat to allow Spring Security CSRF controlled enterprise forms with file upload fields to be POST'ed to Hippo, by configuring the context like this:<Context allowCasualMultipartParsing="true">
...
</Context>
Without casual parsing, the POST is not authorised due to the fact the CSRF token can't be correctly decoded. However, activating casual parsing causes my CSRF uploadforms to work, but causes multipart uploads in Hippo to fail (at least when importing in the console):
Loglines indicate a multipart stream which is ended prematurely:
[INFO] [talledLocalContainer] 13:35:14.069 [http-nio-8080-exec-8] ERROR o.a.w.u.u.MultipartFormInputStream - Error while reading servlet request multi-part data: Stream ended unexpectedly. boundary='-----------------------------358022632195570873745880365454'; bufSize=4096
[INFO] [talledLocalContainer] 13:35:14.069 [http-nio-8080-exec-8] ERROR o.a.w.u.u.MultipartFormInputStream - Error while reading servlet request multi-part data: Stream ended unexpectedly. boundary='-----------------------------358022632195570873745880365454'; bufSize=4096
My question is, is casual multipart parsing even possible with Hippo? If not, I need to find other ways to decode CSRF tokens properly using a separate multipart decoder (instead of Tomcat itself).
Thanks,
Brian
--
Brian Snijders
Consultant online
t: +31102020544
m: +31645540083
w: www.incentro.com
rotterdam office | van nelle ontwerpfabriek
van nelleweg 2429 | 3044 bc | rotterdam
Woonsan Ko
Nov 10, 2016, 3:10:28 PM11/10/16
to hippo-c...@googlegroups.com
Hi Brian,
The 'allowCasualMultipartParsing' option of tomcat seems like a parameter for Context element.
If so, I think you can set the parameter only for the SITE application, not globally, by separating the context.xml.
Regards,
Woonsan
--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
To post to this group, send email to hippo-community@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-community+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/hippo-community.
For more options, visit https://groups.google.com/d/optout.
Boston - 745 Atlantic Ave, 8th Floor, Boston MA 02111
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
Brian Snijders
Nov 13, 2016, 2:53:05 PM11/13/16
to hippo-c...@googlegroups.com
Hi Woonsan,
Thanks for your reply. It's a good solution, one I didn't think of yet. However, in the meantime, I've managed to solve this by plugging in another type of multipartresolver in Spring its Multipart Filter. Everything works like a charm now! Happy to post the solution here if you're interested!Woonsan Ko
Nov 13, 2016, 4:01:51 PM11/13/16
to hippo-c...@googlegroups.com
Hi Brian,
Great! Thank you so much for sharing the solution. I've just googled and found this:
- http://stackoverflow.com/questions/21397939/spring-security-3-2-csrf-support-for-multipart-requests
I guess your solution is similar to that?
Regards,
Woonsan
Brian Snijders
Nov 14, 2016, 4:22:25 AM11/14/16
to hippo-c...@googlegroups.com
Haha nice, in fact this is *exactly* what I've used :)
Reply all
Reply to author
Forward
0 new messages